MDVSA-2014:024 -- Mandriva graphvizID: oval:org.secpod.oval:def:1300273 | Date: (C)2014-02-20 (M)2022-10-10 |
Class: PATCH | Family: unix |
Updated graphviz packages fix security vulnerabilities: Multiple buffer overflow vulnerabilities in graphviz due to an error within the yyerror function which can be exploited to cause a stack-based buffer overflow via a specially crafted file and the acceptance of an arbitrarily long digit list by a regular expression matched against user input . A build problem was discovered and fixed in swig while building graphviz for Business Server 1, related to the new php-5.5.x version as of the MDVSA-2014:014 advisory. Fixed swig packages is being provided with this advisory as well.
Platform: |
Mandriva Enterprise Server 5.2 |